<?php

/************************************

EasyCB, Community Forum Software
Copyright (C) 2007  Jonathon D. Keogh <jonathon.keogh@gmail.com>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

$Id: page.new.php 88 2007-09-05 00:42:30Z jonathon.keogh $

************************************/

require "inc.func.php";

if(!user_loggedin())
{
	page_redirect("page.login.php");
}

$id = isset($_GET['id']) ? $_GET['id'] : 0;

$_title = "";
$_content = "";

$type = isset($_GET['type']) ? $_GET['type'] : "";
if($type == "topic")
{
	$page_title = "New topic";
	$label_posting = "Creating under";
	$label_title = "Topic title";
	$label_body = "Topic content";
	$label_action = "Create topic";
	if(!board_exists($id))
	{
		page_redirect("page.boards.php");
	}
} elseif($type == "response") {
	$page_title = "Respond to topic";
	$label_posting = "Responding to";
	$label_title = "";
	$label_body = "Response content";
	$label_action = "Respond";
	$topic = db_query("SELECT * FROM `" . config_get("db_prefix") . "topics` WHERE `ID`='" . db_escape($id) . "';");
	if(db_num_rows($topic) == 0)
	{
		page_redirect("page.boards.php");
	}
	$topic = db_fetch_assoc($topic);
} elseif($type == "edit") {
	$page_title = "Edit";
	$label_title = "New title";
	$label_body = "New content";
	$label_action = "Save edit";
	// TODO: Check that the response ($id) exists
} else {
	page_redirect("page.boards.php");
}

page_header($page_title);

if(isset($_POST['content']))
{
	$_title = trim($_POST['title']);
	$_content = trim($_POST['content']);
	
	if($type == "topic")
	{
		if(strlen($_content) < 5)
		{
			$error = "The content is blank or too short";
		} elseif(strlen($_title) < 2) {
			$error = "The title is blank or too short";
		} elseif(strlen($_title) > 100) {
			$error = "The title is too long (100 characters at most)";
		} else {
			db_query("INSERT INTO `" . config_get("db_prefix") . "topics` (`UserID`, `Board`) VALUES ('" . sess_get("UserID") . "', '" . db_escape($id) . "');");
			$tid = mysql_insert_id($__db);
			
			db_query("INSERT INTO `" . config_get("db_prefix") . "posts` (`TopicID`, `Title`, `Content`, `Time`, `IP`, `UserID`) VALUES ('" . db_escape($tid) . "', '" . db_escape($_title) . "', '" . db_escape($_content) . "', '" . time() . "', '" . db_escape($_SERVER['REMOTE_ADDR']) . "', '" . sess_get("UserID") . "');");
			$pid = mysql_insert_id($__db);
			
			db_query("UPDATE `" . config_get("db_prefix") . "topics` SET `LastPost`='" . db_escape($pid) . "' WHERE `ID`='" . db_escape($tid) . "';");
			
			// Update counts for trailing forums (and configuration)
			$trail = explode('|', board_trail($id));
			foreach($trail as $board)
			{
				$count = db_query("SELECT `PostCount`, `TopicCount` FROM `" . config_get("db_prefix") . "boards` WHERE `ID`='" . db_escape($board) . "';");
				$count = db_fetch_assoc($count);
				
				$postcount = $count['PostCount'];
				$topiccount = $count['TopicCount'];
				
				db_query("UPDATE `" . config_get("db_prefix") . "boards` SET `PostCount`='" . ($postcount + 1) . "', `TopicCount`='" . ($topiccount + 1) . "', `LastPost`='" . db_escape($pid) . "' WHERE `ID`='" . db_escape($board) . "';");
			}
			config_set("TopicCount", config_get("TopicCount") + 1);
			config_set("PostCount", config_get("PostCount") + 1);
			
			// For each user
			$users = db_query("SELECT `ID` FROM `" . config_get("db_prefix") . "users`;");
			while($user = db_fetch_assoc($users))
			{
				db_query("INSERT INTO `" . config_get("db_prefix") . "unread` VALUES ('" . db_escape($tid) . "', '" . db_escape($user['ID']) . "', '" . db_escape($pid) . "');");
			}
			
			// Update user's post count
			$postcount = db_query("SELECT `PostCount` FROM `" . config_get("db_prefix") . "users` WHERE `ID`='" . sess_get("UserID") . "';");
			$postcount = db_fetch_assoc($postcount);
			$postcount = $postcount['PostCount'];
			db_query("UPDATE `" . config_get("db_prefix") . "users` SET `PostCount`='" . ($postcount + 1) . "' WHERE `ID`='" . sess_get("UserID") . "';");
		}
		
		if(!isset($error))
		{
			page_redirect("page.topic.php?id=" . urlencode($tid));
		}
	} elseif($type == "response") {
		if(strlen($_content) < 5)
		{
			$error = "The content is blank or too short";
		} else {
			db_query("INSERT INTO `" . config_get("db_prefix") . "posts` (`TopicID`, `Content`, `Time`, `IP`, `UserID`) VALUES ('" . db_escape($id) . "', '" . db_escape($_content) . "', '" . time() . "', '" . db_escape($_SERVER['REMOTE_ADDR']) . "', '" . sess_get("UserID") . "');");
			$pid = mysql_insert_id($__db);
			
			db_query("UPDATE `" . config_get("db_prefix") . "topics` SET `LastPost`='" . db_escape($pid) . "' WHERE `ID`='" . db_escape($id) . "';");
			
			// Update counts for trailing forums (and configuration)
			$trail = explode('|', board_trail($topic['Board']));
			foreach($trail as $board)
			{
				$count = db_query("SELECT `PostCount` FROM `" . config_get("db_prefix") . "boards` WHERE `ID`='" . db_escape($board) . "';");
				$count = db_fetch_assoc($count);
				
				$postcount = $count['PostCount'];
				
				db_query("UPDATE `" . config_get("db_prefix") . "boards` SET `PostCount`='" . ($postcount + 1) . "', `LastPost`='" . db_escape($pid) . "' WHERE `ID`='" . db_escape($board) . "';");
			}
			config_set("PostCount", config_get("PostCount") + 1);
			
			// For each user
			$users = db_query("SELECT `ID` FROM `" . config_get("db_prefix") . "users`;");
			while($user = db_fetch_assoc($users))
			{
				$unreadto = db_query("SELECT * FROM `" . config_get("db_prefix") . "unread` WHERE `UserID`='" . db_escape($user['ID']) . "' AND `TopicID`='" . db_escape($topic['ID']) . "';");
				if(db_num_rows($unreadto) != 0)
				{
					continue;
				}
				
				db_query("INSERT INTO `" . config_get("db_prefix") . "unread` VALUES ('" . db_escape($id) . "', '" . db_escape($user['ID']) . "', '" . db_escape($pid) . "');");
			}
			
			// Update user's post count
			$postcount = db_query("SELECT `PostCount` FROM `" . config_get("db_prefix") . "users` WHERE `ID`='" . sess_get("UserID") . "';");
			$postcount = db_fetch_assoc($postcount);
			$postcount = $postcount['PostCount'];
			db_query("UPDATE `" . config_get("db_prefix") . "users` SET `PostCount`='" . ($postcount + 1) . "' WHERE `ID`='" . sess_get("UserID") . "';");
			
			// Update the topic response count
			db_query("UPDATE `" . config_get("db_prefix") . "topics` SET `PostCount`='" . ($topic['PostCount'] + 1) . "' WHERE `ID`='" . db_escape($id) . "';");
		}
		
		if(!isset($error))
		{
			page_redirect("page.topic.php?id=" . urlencode($id) . "#unread");
		}
	}
	// TODO: response, edit
}

if(isset($error))
{
	page_section("An error occured");
	print "<b style=\"color: #FF0000;\">$error</b>";
	page_section();
}

page_section($page_title);
?>

<form onsubmit="document.getElementById('go').disabled=true;document.getElementById('go').innerHTML='Patience!';" action="?type=<?=urlencode($type) ?>&amp;id=<?=urlencode($id) ?>" method="POST">
	<table>
		<?php
		
		if($type != "edit")
		{
		?>
		<tr>
			<td width="200" valign="top" align="right"><?=$label_posting ?>:</td>
			<td valign="top"><b><?php
			
			if($type == "topic")
			{
				$trail = board_trail($id);
				$trail = explode('|', $trail);
				foreach($trail as $board)
				{
					if($board == 0)
					{
						continue;
					}
					print board_label($board) . ($board == $id ? "" : ": ");
				}
			} elseif($type == "response") {
				$trail = board_trail($topic['Board']);
				$trail = explode('|', $trail);
				foreach($trail as $board)
				{
					if($board == 0)
					{
						continue;
					}
					print board_label($board) . ($board == $id ? "" : ": ");
				}
				
				$firstPost = db_query("SELECT `Title` FROM `" . config_get("db_prefix") . "posts` WHERE `TopicID`='" . db_escape($id) . "' ORDER BY `Time` ASC;");
				$firstPost = db_fetch_assoc($firstPost);
				print $firstPost['Title'];
			}
			
			?></b></td>
		</tr>
		<?php
		}
		
		if($type != "response")
		{
		?>
		<tr>
			<td width="200" valign="top" align="right"><?=$label_title ?>:</td>
			<td valign="top"><input style="width: 500px;" maxlength="100" name="title" onchange="changeTitle(this.value);" value="<?=htmlentities($_title) ?>"></td>
		</tr>
		<?php
		}
		
		?>
		<tr>
			<td width="200" valign="top" align="right"><?=$label_body ?>:</td>
			<td valign="top"><textarea style="width: 500px;" rows="10" name="content" onkeypress="document.getElementById('counter').value=this.value.length;" onchange="document.getElementById('counter').value=this.value.length;"><?=htmlentities($_content) ?></textarea></td>
		</tr>
		<tr>
			<td colspan="2" align="right">Content length: <input value="<?=strlen($_content) ?>" disabled id="counter" size="4" value="0"></td>
		</tr>
		<tr>
			<td colspan="2" align="right"><button id="go" type="submit"><?=$label_action ?></button></td>
		</tr>
	</table>
</form>

<script language="javascript">
<!--

changeTitle('<?=addslashes($_title) ?>');

//-->
</script>

<?php
page_section();

page_footer('$Id: page.new.php 88 2007-09-05 00:42:30Z jonathon.keogh $');

?>